OverTheWire: Bandit Level 21 → Level 22


Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Commands you may need to solve this level

cron, crontab, crontab(5) (use “man 5 crontab” to access this)

> whatis cron
cron (8) - daemon to execute scheduled commands (Vixie Cron)
> whatis crontab
crontab (1) - maintain crontab files for individual users (Vixie Cron)
crontab (5) - tables for driving cron

Helpful Reading Material


Since we know there is an task that is being executed by cron lets have an look at all the cron jobs on the system

bandit21@bandit:~$ ls /etc/cron.d/
cronjob_bandit15_root cronjob_bandit22 cronjob_bandit24
cronjob_bandit17_root cronjob_bandit23 cronjob_bandit25_root

Since we require the password for bandit22 the task that we are looking for should be cronjob_bandit22

bandit21@bandit:~$ cat /etc/cron.d/cronjob_bandit22
@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

When we look at the cron job for bandit22 we see that there is an shell script that is being executed every second

(For detailed information on the syntax of cron jobs refer the attached resources)

Lets have a look at the contents of the script and try to understand what is it trying to perform

bandit21@bandit:~$ cat /usr/bin/cronjob_bandit22.sh
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

When we look at the script we see that it is creating an file called t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv in the /tmp directory and then saving the password for the next level into that file.

Lets view the content of the file that is created by the script

bandit21@bandit:~$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

And there we go we have the password for the next level !!!

Logout of the current session and start the next level as bandit22

ssh bandit22@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit22@bandit.labs.overthewire.org's password: Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Compilation step by step in C with GCC

Python Sets and Frozensets Explained

What has changed for a decade?

The Ultimate Guide to Cross-Platform Mobile App Development

Teams Fireside Chat — Episode 01 — Q&A

💥| Deterministic Physics and Predictable Explosions | 💥

You can use my C library “libmatrix” instead of Matlab and develop it!

Simplify Code Review Process with Auto Mention Code Review Systems

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
David Varghese

David Varghese

More from Medium

Set up an AWS EC2 instance with port-forwarding and access your private home server from anywhere

Me casually connecting remotely to my private server

How to keep an SSH connection when establishing an OpenVPN connection on a VPS server

Crude Coffee, Clumsy Code

Creating a Menu item in Kali Linux